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viewing message <56luge$6on@bertrand.ccs.carieton.ca> 
Netlntelligence Filter - stop:- spam, virus, content, porn Corporate Email SP °7S. 

Filter ♦ www.netintelligence.com . . , * ^ 

Block More Spam • Award winning IronMail. Enterprise email security. • wwwx.phertrust.com 
Eliminate Annoying Spam . PC Worid Best Buy Award: iHateSpam V4 for Outlook, Hotma.l, ^ 

and others • www.iHateSpam.net fT* 

Newsgroups: news.admm.net-abuse.usenet r original Formal 

Date: 1996/11/17 " ^ 

> on 15 Nov 1996 00:41:49 GMT, Brandon Hume <hume@isisnet.com> wrote: ^ 

I >How is a program supposed to distinguish junk mail from ™ail ^at^ou ^ 

> Actually, want? what would your ISP's customers DO x£ they even HEARD 

> ^SrSSr were filtering your email? Nothing good, I assure you. g 

I've thought long and hard about this and have comeup with a 3 
solution which will stop spammxng. All I need is cne 
it -- if someone else wants to do it, go ahead! 

w™.« i-he scoop- I want to make SURE a person is sending me e-mail 
and not a compter. I distinguish three kinds of e-mail addresses: 

1 - Trusted addresses - these are addresses of friends or associates. 
Mail from these addresses gets sent to my mailbox. 

2 - Known bad addresses - - these are addresses which I know are used 
l Y sptmm^rs Mail from those addresses gets silently discarded. 

3 - unknown addresses. These are the tricky ones. When mail is received 
from an unknown address, my autoresponder respond 
puzzle is a random challenge that is very easy for a human to respond 
?o! but next to impossible for a computer. For example, the reply 
could look like this: 

I apologize for the inconvenience, but due the prevalence of 
spamming, I ask that you authenticate yourself as a human. 
UlTse Si-nail your message adding the following header: 

X- Not -Spam: xxxxx 

replacing the "xxxxx" by the English name of the fourth month, 
all in lower case. 

Once again, I apologize for the inconvenience and trust that 
you are understanding. Regards, 

Of course, you need a file of many simple "puzzles" ^flS UltllT have 
in the replj appropriately. The program keeps track of which v*nlem have 
been sent to whom, and only allows you to see mail from people wno 
successfully authenticate themselves. This is trivial for a person, but 
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a nightmare for someone who wants to mass -mail thousands of people, each 

of whom has a different puzzle. After a c ouple of authentication failures, 

fe he-prog^rara--would-marlc^e^-ddress^s-•■had 1 • ana aiscarcT«d. from it,- ~ 

breaking potential bounce cycles. 

Mail from "postmaster" is problematic -- you really mighty want to see 
messages about mail that you sent that has problems, but you don't want 
to simply allow all "postmaster" messages through spammers will simply 
fake that as their source address. So, you need to add a random string 
to all *outgoing* messages. If outgoing mail bounces, the mail system 
will include the message body (or at least the header) . -The program 
can verify that mail purportedly from postmaster contains the string 
and isn't unsolicited. 

Of course, if you send mail to someone, you should include 
instructions for authentication to reduce the inconvenience for that 
person if he/she wishes to reply - 

The advantage of this scheme over others is that most other junk filters 
allow the first message through and force you to manually remove spam 
addresses. This scheme treats all unknown addresses with suspicion, 
which makes it slightly inconvenient for legitimate users, but next to 
impossible for spammers to get through. It can be refined ad nauseum 
by adding timers to passwords, checking for addresses attempting mail 
bombing, etc.- 

Regards, 

David - 

P.S. I've deliberately set a bad reply- to address; r don't want to 
be mail -bombed for this! :-) 
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